Report: Hacking forum is a cybercrime academy
Certain underground hacking forums are acting as training academies and tech-support networks for cybercriminals as well as creating a marketplace for a vast array of cybercrime tools, say researchers.
Database security firm Imperva has been keeping close tabs on an unnamed hacking message board with nearly 220,000 registered members since 2007. It discovered that the forum is used by hackers of varying abilities for “training, communications, collaboration, recruitment, commerce and even social interaction”. Chat rooms are filled with discussions on everything from attack planning to requests for help with specific campaigns. Newbies can use the forums to find “how-to-hack” tutorials.
Meanwhile the forum’s marketplace acts as an underground bazaar for the sale of either stolen data or attack tools. Other studies by the likes of Symantec have focused on the price of stolen credit card numbers or licensing prices for ZeuS banking Trojan toolkits, for example. Imperva by contrast has paid closer attention to the content of conversations, picking up clues about evolving hacking tactics and approaches in the process.
The forum’s discussions of electronic onslaughts increased during the four-year period of analysis, growing an average of 157 per cent year-on-year between 2007 and 2010. The most chatted about topics in the forum between June 2010 to June 2011 were DoS and DDoS attacks, which were in 22 per cent of discussions, followed by SQL injections (a very common technique for hacking websites), which made up 19 per cent of all chatter. A quarter of discussions over the year up to June 2011 focused on “beginners’ hacking”, with experienced members sharing how-to tutorials and discussing basic methodologies with newbies. Mobile hacking, particularly focused on the iPhone, also figured heavily in discussions.
“Studying hacker forums is important to providing insights into hacker psychology and technical strategies,” explained Imperva CTO Amichai Shulman. “Hacker forums are still not well understood by many in the security community, and we believe that studying and quantifying what happens in these online communities can lead to the development of strategies to combat cybercrime.”
Imperva’s latest Hacker Intelligence Initiative report, which was published on Monday and billed as its most comprehensive to date, can be found here.
The security outfit is careful to say that while the forum it probed is not itself typical, it does provide valuable clues about what’s happening in other less accessible and more hardcore underground forums.
Though there are many forums that are small and solely focused on committing cybercrime, we don’t have access to these. The site we examined is not a hardcore crime site, but it’s not entirely softcore either. New hackers come to this site to learn and on the other hand more experienced hackers teach to gain “street cred” and recognition. In the past, this forum has helped security researchers identify illicit cyber activity. Typically, once hackers have gained enough of a reputation they go to a more hardcore, by-invite-only forum.
Hacking forums continue to the popular hangouts even after incidents where one or two forums have been revealed as being run by hacker turncoats acting as FBI moles or even undercover FBI agents posing as “carders”. ®